🔐 An authorized remote user with access or knowledge of the standard encryption key could gain access and decrypt the FortiOS backup files and all non-administrator passwords, private keys, and High Availability (HA) passwords.
This Python script is designed to recover passwords encrypted using FortiGate's encryption method. It can be used to decrypt both user passwords and High Availability (HA) configuration passwords stored in FortiOS configuration files.
Requirements:

- Python 3.x
- `pycryptodome`

Installation:

```bash
git clone https://github.com/saladandonionrings/cve-2019-6693.git
cd cve-2019-6693
pip3 install pycryptodome
```
Usage:

- Have at least "admin read access" to the FortiGate.
- Go to "CLI Console", run `show user local`, and save the output to a text file named `data.txt`. Ensure that the file contains user information in the FortiOS format.
- Go to "CLI Console", run `show system ha`, and save the output to a text file named `ha_config.txt`. Ensure that the file contains HA information in the FortiOS format.
- Run the script with the following command: `python3 fortigate-decrypt.py`